mirror of
https://github.com/hasura/graphql-engine.git
synced 2024-12-18 13:02:11 +03:00
b9b5c3dafe
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3904 Co-authored-by: Naveen Naidu <30195193+Naveenaidu@users.noreply.github.com> GitOrigin-RevId: d78180b675955c6bb9c118f9839857380175093d
76 lines
2.9 KiB
Haskell
76 lines
2.9 KiB
Haskell
module Hasura.GraphQL.Execute.Common
|
|
( MonadGQLExecutionCheck (..),
|
|
)
|
|
where
|
|
|
|
import Data.Aeson.Ordered qualified as JO
|
|
import Hasura.Base.Error
|
|
import Hasura.GraphQL.Execute.Backend
|
|
import Hasura.GraphQL.Transport.HTTP.Protocol
|
|
import Hasura.Metadata.Class
|
|
import Hasura.Prelude
|
|
import Hasura.RQL.Types
|
|
import Hasura.Server.Types (RequestId)
|
|
import Hasura.Session
|
|
import Hasura.Tracing qualified as Tracing
|
|
import Network.HTTP.Types qualified as HTTP
|
|
import Network.Wai.Extended qualified as Wai
|
|
|
|
-- | Typeclass representing safety checks (if any) that need to be performed
|
|
-- before a GraphQL query should be allowed to be executed. In OSS, the safety
|
|
-- check is to check in the query is in the allow list.
|
|
--
|
|
-- the `executeIntrospection` function has different implementations in OSS and
|
|
-- Pro. In Pro, the GraphQL schema introspection can be disabled for specified
|
|
-- roles and in OSS there is no restrictions.
|
|
--
|
|
-- | TODO (from master): Limitation: This parses the query, which is not ideal if we already
|
|
-- have the query cached. The parsing happens unnecessary. But getting this to
|
|
-- either return a plan or parse was tricky and complicated.
|
|
class Monad m => MonadGQLExecutionCheck m where
|
|
checkGQLExecution ::
|
|
UserInfo ->
|
|
([HTTP.Header], Wai.IpAddress) ->
|
|
-- | allow list enabled?
|
|
Bool ->
|
|
-- | needs allow list
|
|
SchemaCache ->
|
|
-- | the unparsed GraphQL query string (and related values)
|
|
GQLReqUnparsed ->
|
|
RequestId ->
|
|
m (Either QErr GQLReqParsed)
|
|
|
|
executeIntrospection ::
|
|
UserInfo ->
|
|
JO.Value ->
|
|
SetGraphqlIntrospectionOptions ->
|
|
m (Either QErr ExecutionStep)
|
|
|
|
instance MonadGQLExecutionCheck m => MonadGQLExecutionCheck (ExceptT e m) where
|
|
checkGQLExecution ui det enableAL sc req requestId =
|
|
lift $ checkGQLExecution ui det enableAL sc req requestId
|
|
|
|
executeIntrospection userInfo introspectionQuery rolesDisabled =
|
|
lift $ executeIntrospection userInfo introspectionQuery rolesDisabled
|
|
|
|
instance MonadGQLExecutionCheck m => MonadGQLExecutionCheck (ReaderT r m) where
|
|
checkGQLExecution ui det enableAL sc req requestId =
|
|
lift $ checkGQLExecution ui det enableAL sc req requestId
|
|
|
|
executeIntrospection userInfo introspectionQuery rolesDisabled =
|
|
lift $ executeIntrospection userInfo introspectionQuery rolesDisabled
|
|
|
|
instance MonadGQLExecutionCheck m => MonadGQLExecutionCheck (Tracing.TraceT m) where
|
|
checkGQLExecution ui det enableAL sc req requestId =
|
|
lift $ checkGQLExecution ui det enableAL sc req requestId
|
|
|
|
executeIntrospection userInfo introspectionQuery rolesDisabled =
|
|
lift $ executeIntrospection userInfo introspectionQuery rolesDisabled
|
|
|
|
instance MonadGQLExecutionCheck m => MonadGQLExecutionCheck (MetadataStorageT m) where
|
|
checkGQLExecution ui det enableAL sc req requestId =
|
|
lift $ checkGQLExecution ui det enableAL sc req requestId
|
|
|
|
executeIntrospection userInfo introspectionQuery rolesDisabled =
|
|
lift $ executeIntrospection userInfo introspectionQuery rolesDisabled
|